Lab 2: Network Analyzer - Wireshark

Lab Objective:


- To introduce Wireshark along with the basic utilities/tools of data communication and networking.


Introduction: 

- Wireshark is the world's most popular network analyzer.
- It is a very powerful tool that provides network and upper-layer protocol information about data captured in a network.
- Wireshark's strength comes from:
  - Its ease of installation.
  - The simplicity of its GUI.
  - The very large number of functions available.


Activities: 


1. Run Wireshark.
2. Configure Wireshark for your NIC and select the interface that you will be using:
   Capture > Interfaces OR Capture > Options
3. Configure the properties of your chosen capture interface.
4. Start and begin your first real-time trace on the network.

[Figure: Wireshark main window with labelled areas: command menus, display filter specification, listing of captured packets, details of selected packet header, and packet content in hexadecimal and ASCII.]

5. Uncheck the "Hide capture info dialog" option in the 
Capture Options dialog box 

6. View packets that you have captured in packet list 
pane, which will bring up the selected packet in the tree 
view and byte view panes. 

[Figure: Wireshark capture info dialog ("Wireshark: Capture from NETGEAR GA302..."), showing captured packet counts and % of total for Total, SCTP, TCP, UDP, ICMP, ARP, OSPF, GRE, NetBIOS, IPX, VINES and Other, with a Stop button.]


7. Use the Wireshark User's Guide from the Help menu.
8. Go to Chapter 3: User Interface and explore all the menu options.

Questions:




1. What did you understand from the "Hide capture info dialog" option?
2. How can we filter out packets while capturing packets?
3. If you do not check the option "Capture packets in promiscuous mode" in the Capture Options dialog, would Wireshark be able to capture all the packets on this network segment? State the reason.
4. What did you understand from the "capture filter" and "display filter" dialog boxes?
5. How can you find a specific packet by knowing its packet number?
6. Write down the purpose of using Wireshark. What are the possible pros and cons of using it?


Lab Assignment: 


1. How to specify a capture filter for telnet that captures traffic to and from a particular host (IP).
2. How to filter the packet list pane down to only those packets to or from your computer's IP using a display filter.
3. How to filter the packet list pane to all the packets excluding your computer's IP using a display filter.
4. Test run and capture the network activity between the FTP server and its client (hint: while Wireshark is running, open your browser and enter the FTP server. Capture the username and password entered by the user through Wireshark).

- Filtering while capturing (section 4.9)
- Filtering packets while viewing (section 6.3)
- Defining and saving filters (section 6.6)

FCIT KAU


